From 251ea1e6776401005e302addd56a689c01924426 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 19 Feb 2003 12:31:16 +0000 Subject: Merge minor library fixes from HEAD to 3.0. - setenv() replacement - mimir's ASN1/SPNEGO typo fixes - (size_t)-1 fixes for push_* returns - function argument signed/unsigned correction - ASN1 error handling (ensure we don't use initiailsed data) - extra net ads join error checking - allow 'set security discriptor' to fail - escape ldap strings in libads. - getgrouplist() correctness fixes (include primary gid) Andrew Bartlett (This used to be commit e9d6e2ea9a3dc01d3849b925c50702cda6ddf225) --- source3/libsmb/asn1.c | 21 ++++++++++++++++----- source3/libsmb/clispnego.c | 15 ++++++++------- source3/libsmb/errormap.c | 2 +- 3 files changed, 25 insertions(+), 13 deletions(-) (limited to 'source3/libsmb') diff --git a/source3/libsmb/asn1.c b/source3/libsmb/asn1.c index 333d157905..09d4fbb6c9 100644 --- a/source3/libsmb/asn1.c +++ b/source3/libsmb/asn1.c @@ -240,7 +240,9 @@ BOOL asn1_start_tag(ASN1_DATA *data, uint8 tag) uint8 b; struct nesting *nesting; - asn1_read_uint8(data, &b); + if (!asn1_read_uint8(data, &b)) + return False; + if (b != tag) { data->has_error = True; return False; @@ -251,13 +253,18 @@ BOOL asn1_start_tag(ASN1_DATA *data, uint8 tag) return False; } - asn1_read_uint8(data, &b); + if (!asn1_read_uint8(data, &b)) { + return False; + } + if (b & 0x80) { int n = b & 0x7f; - asn1_read_uint8(data, &b); + if (!asn1_read_uint8(data, &b)) + return False; nesting->taglen = b; while (n > 1) { - asn1_read_uint8(data, &b); + if (!asn1_read_uint8(data, &b)) + return False; nesting->taglen = (nesting->taglen << 8) | b; n--; } @@ -404,7 +411,11 @@ BOOL asn1_check_enumerated(ASN1_DATA *data, int v) if (!asn1_start_tag(data, ASN1_ENUMERATED)) return False; asn1_read_uint8(data, &b); asn1_end_tag(data); - return !data->has_error && (v == b); + + if (v != b) + data->has_error = False; + + return !data->has_error; } /* write an enumarted value to the stream */ diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c index 3e28baa417..41b5c3f990 100644 --- a/source3/libsmb/clispnego.c +++ b/source3/libsmb/clispnego.c @@ -345,7 +345,7 @@ DATA_BLOB spnego_gen_negTokenTarg(const char *principal, int time_offset) /* parse a spnego NTLMSSP challenge packet giving two security blobs */ -BOOL spnego_parse_challenge(DATA_BLOB blob, +BOOL spnego_parse_challenge(const DATA_BLOB blob, DATA_BLOB *chal1, DATA_BLOB *chal2) { BOOL ret; @@ -387,7 +387,7 @@ BOOL spnego_parse_challenge(DATA_BLOB blob, /* - generate a SPNEGO NTLMSSP auth packet. This will contain the encrypted passwords + generate a SPNEGO auth packet. This will contain the encrypted passwords */ DATA_BLOB spnego_gen_auth(DATA_BLOB blob) { @@ -412,7 +412,7 @@ DATA_BLOB spnego_gen_auth(DATA_BLOB blob) } /* - parse a SPNEGO NTLMSSP auth packet. This contains the encrypted passwords + parse a SPNEGO auth packet. This contains the encrypted passwords */ BOOL spnego_parse_auth(DATA_BLOB blob, DATA_BLOB *auth) { @@ -447,11 +447,11 @@ DATA_BLOB spnego_gen_auth_response(DATA_BLOB *ntlmssp_reply, NTSTATUS nt_status) uint8 negResult; if (NT_STATUS_IS_OK(nt_status)) { - negResult = SPNGEO_NEG_RESULT_ACCEPT; + negResult = SPNEGO_NEG_RESULT_ACCEPT; } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - negResult = SPNGEO_NEG_RESULT_INCOMPLETE; + negResult = SPNEGO_NEG_RESULT_INCOMPLETE; } else { - negResult = SPNGEO_NEG_RESULT_REJECT; + negResult = SPNEGO_NEG_RESULT_REJECT; } ZERO_STRUCT(data); @@ -461,7 +461,8 @@ DATA_BLOB spnego_gen_auth_response(DATA_BLOB *ntlmssp_reply, NTSTATUS nt_status) asn1_push_tag(&data, ASN1_CONTEXT(0)); asn1_write_enumerated(&data, negResult); asn1_pop_tag(&data); - if (negResult == SPNGEO_NEG_RESULT_INCOMPLETE) { + + if (negResult == SPNEGO_NEG_RESULT_INCOMPLETE) { asn1_push_tag(&data,ASN1_CONTEXT(1)); asn1_write_OID(&data, OID_NTLMSSP); asn1_pop_tag(&data); diff --git a/source3/libsmb/errormap.c b/source3/libsmb/errormap.c index 09340caccd..8ee5ee3d31 100644 --- a/source3/libsmb/errormap.c +++ b/source3/libsmb/errormap.c @@ -1410,7 +1410,7 @@ static const struct { /***************************************************************************** convert a dos eclas/ecode to a NT status32 code *****************************************************************************/ -NTSTATUS dos_to_ntstatus(int eclass, int ecode) +NTSTATUS dos_to_ntstatus(uint8 eclass, uint32 ecode) { int i; if (eclass == 0 && ecode == 0) return NT_STATUS_OK; -- cgit